Remove the handshake digests and related code, replacing remaining uses

with the handshake hash. For now tls1_digest_cached_records() is retained
to release the handshake buffer.

ok beck@ inoguchi@

1 files changed, 1 insertions, 21 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index da48765aba..49af292d6c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -193,12 +193,6 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
         0, 0, 0, 0, 0, 0, 0,
 };
 
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
-        SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
-        SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-        SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
-};
-
 #define CIPHER_ADD      1
 #define CIPHER_KILL     2
 #define CIPHER_DEL      3
@@ -706,20 +700,6 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 }
 
 int
-ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
-{
-        if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
-                return 0;
-        }
-        *mask = ssl_handshake_digest_flag[idx];
-        if (*mask)
-                *md = ssl_digest_methods[idx];
-        else
-                *md = NULL;
-        return 1;
-}
-
-int
 ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 {
         *md = NULL;